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IN THE CLAIMS 

Please amend the claims as follows: 

1 . (Currently Amended): A relay apparatus for a terminal or a server on a private 
network that does not have an address on a global network to perform communication 
through the global network, comprising: 

a WAN interface unit which provides communication with the global network; 

a LAN interface unit which provides communication with the private network; 

an access control unit having means for controlling access from the global network to 
the private network in accordance with an access control rule which is established on a per 
sending device basis or on a per sending network basis; 

an address translation unit having: including, 

means for translating an address in accordance with an address translation rule 
establi shed on a per send i ng d e vice bas is, in order to transferring transfer information from a 
terminal on the global network to a terminal on the private networkjf;]] and 

means for translating an address in accordance with a n address tran s l ation _a rule 
established on a per sending device basis, in order to transferring transfer information from a 
terminal on the private network to a terminal on the global network; and 

a database unit which records the access control rule and the address translation rule^ 
wherein 

the address translation rule associates a sending device and destination on the global 
network with a destination on the private network, and 

if a sending device and destination of the packet received at the WAN interface unit 
matches the sending device and destination on the global network of the address translation 
rule, the address translation unit translates the destination of the packet to the destination on 
the private network . 



2 



Application No. 10/558,629 

Reply to Office Action of October 6, 2009 

2. (Currently Amended): The relay apparatus according to Claim 1, comprising: 

an authentication unit which performs authentication in response to a request for access 
permission sent from a terminal on the global network, wherein: 

the database unit further records user information used by the authentication unit to 
perform authentication; 

wherein the access control unit further has- includes, 

means for adding an access control rule established on a per sending device basis or a 
per sending network basis to the database unit if the authentication succeedsjf;]] and 

means for deleting the added access control rule from the database unit when a 
predetermined criterion for ending communication is satisfied; and 

the address translation unit further has^ includes, 

means for adding an address translation rule which sets the terminal on the global 
network as the sending device es tablished on a per sending device basi s to the database unit if 
the authentication succeeds.Jf;]] and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 

3. (Currently Amended): The relay apparatus according to Claim 1, wherein: 
the access control unit further has^ includes, 

means for adding an access control rule established on a per sending device basis or on 
a per sending network basis to the database unit in response to a request from an 
authentication sever which performs authentication of a terminal on the global network^ [[;]] 
and 

means for deleting the added access control rule from the database unit when a 
predetermined criterion for ending communication is satisfied; and 
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the address translation unit further-has~ includes, 

means for adding an address translation rule which sets the terminal on the glob al 
network as the sending device established on a per s e nding device basis to the database unit 
in response to a request from the authentication server^;]] and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 

4. (Currently Amended): An authentication server which permits access to the relay 
apparatus according to Claim 3, comprising: 

an interface unit which provides communication with a terminal on the global network 
and the relay apparatus; 

an authentication unit which performs authentication in response to a request for 
permission to access the relay apparatus from a terminal on the global network; 

a control unit having: including, 

means for requesting the relay apparatus to add an access control rule and an address 
translation rule which sets the terminal on the global network as the sending device for a 
packet from [[a]] the terminal on the global network if authentication at the authentication 
unit succeeds,_[[;]] and 

means for requesting the relay apparatus to delete the added access control rule and 
address translation rule when a predetermined criterion for ending communication is 
satisfied; and 

a database unit which records information associating user information used by the 
authentication unit to perform authentication with an access control rule and address 
translation rule requested to be added. 
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5. (Currently Amended): The relay apparatus according to Claim 1, wherein: 
the access control unit further hasf includes, 

means for adding an access control rule established on a per sending device basis to the 
database unit in response to a request for initiating communication from a terminal on a 
private network i _[[;]] and 

means for deleting the added access control rule from the database unit when a 
predetermined criterion for ending communication is satisfied; and 

the address translation unit further hasi includes, 

means for adding an addres s t ransl a ti on _a_rule established on a per sending device 
basis to the database unit in response to a request for initiating communication from a 
terminal on the private network^;]] and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 

6. (Currently Amended): An address translation apparatus for a terminal or a server on 
a private network that does not have an address on a global network to perform 
communication through the global network, comprising: 

a WAN interface unit which provides communication with the global network; 
a LAN interface unit which provides communication with the private network; 
an address translation unit having: including, 

means for translating an address in accordance with an address translation rule 
established on a per sending device basi s, in order to transferring transfer information from a 
terminal on the global network to a terminal on the private networieJ[;]] and 
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means for translating an address in accordance with an a d dress translat i on a_rule 
established on a per sending device basis, in order to tran s ferring transfer information from a 
terminal on the private network to a terminal on the global network; and 

a database unit for recording the address translation mies rule, wherein 

the address translation rule associates a sending device and destination on the global 
network with a destination on the private network, and 

if a sending device and destination of the packet received at the WAN interface unit 
matches the sending device and destination on the global network of the address translation 
rule, the address translation unit translates the destination o f the packet to the destination on 
the private network . 

7. (Currently Amended): The address translation apparatus according to Claim 6, 
wherein 

the address translation unit further-has^ includes, 

means for adding an address translation rule which sets the terminal on the global 
network as the sending device established on a per se nd i n g d ev ic e ba sis to the database unit 
in response to a request for initiating communication sent from a terminal on the global 
network^ or a term inal on a private network; and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied^ 

means for adding a rule established on a per send in g device basis to the database unit in 
response to a request for initiating communication sent from a terminal on the private 
network, and 

means for deleting the added rule from the database unit when a predetermined 
criterion for ending communication is satisfied . 
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8. (Currently Amended): The address translation apparatus according to Claim 7, 
comprising: 

an authentication unit which performs authentication in response to a request for 
initiating communication from a terminal on the global network, wherein: 

the database unites further records user information used by the authentication unit to 
perform authenticzition^ff;]] and 

the address translation unit adds the address translation rule which sets the terminal on 
the global network as the sending device to the database unit in response to a request for 
initiating communication from a terminal on the global network only if the authentication 
succeeds. 

9. (Currently Amended): The address translation apparatus according to Claim 7, 
wherein the address translation unit adds the address translation rule which sets the terminal 
on the global network as the sending device to the database unit in response to a request for 
initiating communication from a terminal on the global network only if an authentication 
server which performs authentication requests the addition. 

10. (Currently Amended): An authentication server which permits access to the 
address translation apparatus according to Claim 9, comprising: 

an interface unit which provides communication with a terminal on the global network 
and the address translation apparatus; 

an authentication unit which performs authentication in response to a request for 
permission to access the address translation apparatus from a terminal on the global network; 

a control unit having: including. 
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means for requesting the address translation apparatus to add an address translation rule 
which sets the terminal on the global network as the sending device for a pack o t s e nt from a 
terminal on the global network if authentication at the authentication unit succeedsj[;]] and 

means for requesting the address translation apparatus to delete the added address 
translation rule when a predetermined criterion for ending communication is satisfied; and 

a database unit which records user information used by the authentication unit to 
perform authentication. 

11-14. (Canceled). 

15. (Currently Amended): The relay apparatus according to Claim 1, comprising: 
wherein 

the access control rule and the address translation rule have a condition with the EP 
address of the sending device or the IP address of the sending network. 

16. (Currently Amended): The relay apparatus according to Claim 15, comprising: 

an authentication unit which performs authentication in response to a request for access 
permission sent from a terminal on the global network, wherein: 

the database unit further records user information used by the authentication unit to 
perform authentication; 

the access control unit further ha&f includes, 

means for adding an access control rule established on a per sending device basis or a 
per sending network basis to the database unit if the authentication succeeds^_[[;]] and 

means for deleting the added access control rule from the database unit when a 
predetermined criterion for ending communication is satisfied; and 
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the address translation unit further has^ includes, 

means for adding an address translation rule which sets the terminal on the global 
network as the sending device established on a p er sending device basi s to the database unit if 
the authentication succeeds.Jf;]] and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 

17. (Currently Amended): The address translation apparatus according to Claim 6, 

comprising: wherein 

the address translation rule has a condition with the IP address of the sending device 
or the IP address of the sending network. 

18. (Currently Amended): The address translation apparatus according to Claim 17, 
wherein 

the address translation unit further-hasf includes., 

means for adding an address translation rule which sets the terminal on the global 
network as the sending device establi s hed on a per s e nding device basis to the database unit 
in response to a request for initiating communication sent from a terminal on the global 
network., or a terminal on a private network; and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied.. 

means for adding a rule established on a per sending device basis to the database unit in 
response to a request for initiating communication sent from a terminal on a private network, 
and 
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means for deleting the added rule from the database unit when a predetermined 

criterion for ending communication is satisfied . 

19-20. (Canceled). 

21 . (Currently Amended): An address translation method for a terminal on a private 
network that does not have an address on a global network to perform communication 
through the global network, comprising: 

recording an address translation rule associating a sending device and destination on the 
global network with a destination on the private network established on a par s e nding device 
basis in a database unit beforehand; 

when a packet from the global network is received by a WAN interface unit, 

translating, by an address translation unit, a destination of the packet to the destination 
on the private network, if the sending device and destination of the packet received at the 
WAN interface unit matches the sending device and destination on the global network of 
address in accordance with the address translation rulej[;]] and 

transferring, by a LAN interface unit, the packet having the translated address to the 
private network; 

when a packet from the private network is received by a LAN interface unit, 
translating, by the address translation unit, a source address in accordance with the 

a ddr e ss tr anslati oi*~rule established on a per sending device basis ; and 

transferring, by the WAN interface unit, the packet having the translated address to the 

global network. 
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22. (Currently Amended): An address translation method for a terminal on a private 

network that does not have an address on a global network to perform communication 

through the global network, comprising: 

recording an address translation rule associating a sending device and destination on the 
global network with a destination on the private network established on a per sending device 
b asis in a database unit beforehand; 

when a packet from the global network is received by a WAN interface unit, 

performing authentication in an authentication unit, [[and;]] 

if the authentication succeeds, checking, by the address translation unit, the database 
unit to see whether or not an address translation rule that- whose sending device and 
destination on the global network matches a sending device source information and 
destination info rm ation of the packet is stored in the database unit, [[and]] 

if a matching address translation rule is found in the database unit, translating the 
address destination of the packet to the destination on the private network in accordance with 
the address translation rule , and ff:H 

if a matching address translation rule is not found in the database unit, adding an 
address translation rule to the database unit and translating the destination a ddress of the 
packet to the destination on the private network in accordance with the added address 
translation rule; and 

transferring, by a LAN interface unit, the packet having the translated address to the 
private network; 

when a packet from the private network is received by the LAN interface unitj[;]] 
checking, by the address translation unit, the database unit to see whether or not an 
address translation rule tha^ whose destination on the private network matches the sending 
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device s ource information and destination information of the packet is stored recorded in the 
database unit, and 

if a matching address translation rule is found in the database unit, translating the 
a ddress sending device of the packet to an address on the global network of the WAN 
interface in accordance with the address translation rule^[[;]] 

if a matching address translation rule is not found in the database unit, adding an 
address translation rule to the database unit and translating the sending device address of the 
packet to an address on the global network of the WAN interface in accordance with the 
added address translation rule; aed 

transferring by the WAN interface unit the packet having the translated address to the 
global network; and 

if there is an address translation rule added by the address translation unit, deleting 
the address translation rule from the database unit when a predetermined criterion for ending 
communication is satisfied. 

23. (Original): The address translation method according to Claim 22, wherein, 
instead of performing authentication in the authentication unit, determination is made that 
authentication is successful when a request is received from an authentication server which 
performs authentication of a terminal on the global network. 

24-28. (Canceled) 

29. (New): An address translation apparatus for a terminal or a server on a private 
network that does not have an address on a global network to perform communication 
through the global network, comprising: 
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a WAN interface unit which provides communication with the global network; 

a LAN interface unit which provides communication with the private network; 

an address translation unit which translates an address in accordance with an address 
translation rule, in order to transfer information from a terminal on the global network to a 
terminal on the private network, and which translates an address in accordance with a rule 
established on a per sending device basis, in order to transfer information from a terminal on 
the private network to a terminal on the global network; and 

a database unit which records the address translation rule and the rule, wherein 

the address translation rule associates a sending device and destination on the global 
network with a destination on the private network, and 

if a sending device and destination of the packet received at the WAN interface unit 
matches the sending device and destination on the global network of the address translation 
rule, the address translation unit translates the destination of the packet to the destination on 
the private network. 
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